On Thu, 2003-06-05 at 08:29, Ray Leach wrote:
> On Thu, 2003-06-05 at 13:38, Dharmendra.T wrote:
> > On Thu, 2003-06-05 at 15:26, Paulo Andre wrote:
> > I would like to do the following:
> > iptables -t nat -A POSTROUTING -s x.x.x.x -d ! 'servers ip' -j MASQUERADE
> > Now how would I put in two IP addresses?
> > iptables -t nat -A POSTROUTING -s 10.10.10.5 -d 'sever ip' -j DROP
> > iptables -t nat -A POSTROUTING -s 10.10.10.8 -d 'sever ip' -j DROP
> > Should work
> No, that will drop the packets and they won't traverse any more
> tables/chains.
>
> The -j return tells iptables to leave the POSTROUTING chain and
> continue, so no more POSTROUTING rules will be checked for that packet.
>
> The nat table has these chains:
>
> PREROUTING
> POSTROUTING
> OUTPUT
>
> A target of -j return means leave this chain and continue to the next.

So what happens with
iptables -t nat -A POSTROUTING -s 10.x.x.5 -s 'server ip' -j POSTROUTING
;]
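The rule ordering discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of first-match evaluation in a single built-in chain (not netfilter code), comparing two negated MASQUERADE rules, RETURN rules placed ahead of a catch-all MASQUERADE, and the DROP variant. The addresses, the `Rule` class and the `traverse` and `verdicts` helpers are assumptions made for illustration.

```python
# Simplified first-match chain model (added example, not netfilter code).
from dataclasses import dataclass
from typing import Optional

SERVER_A = "192.0.2.10"   # constructed: first destination to exclude
SERVER_B = "192.0.2.20"   # constructed: second destination to exclude
CLIENT = "10.10.10.5"     # source address used in the thread

@dataclass
class Rule:
    target: str                   # "MASQUERADE", "RETURN" or "DROP"
    src: Optional[str] = None     # None matches any source
    dst: Optional[str] = None     # None matches any destination
    negate_dst: bool = False      # models "-d ! addr"

    def matches(self, src: str, dst: str) -> bool:
        if self.src is not None and self.src != src:
            return False
        if self.dst is None:
            return True
        return (self.dst != dst) if self.negate_dst else (self.dst == dst)

def traverse(chain, src, dst, policy="ACCEPT"):
    """Return the verdict for a packet: the first matching rule wins."""
    for rule in chain:
        if rule.matches(src, dst):
            # RETURN in a built-in chain stops the walk and applies the policy.
            return policy if rule.target == "RETURN" else rule.target
    return policy

# Two negated rules: a packet to SERVER_B already matches "not SERVER_A".
negated_twice = [
    Rule("MASQUERADE", src=CLIENT, dst=SERVER_A, negate_dst=True),
    Rule("MASQUERADE", src=CLIENT, dst=SERVER_B, negate_dst=True),
]
# RETURN rules first, then one catch-all MASQUERADE for the source.
return_first = [
    Rule("RETURN", src=CLIENT, dst=SERVER_A),
    Rule("RETURN", src=CLIENT, dst=SERVER_B),
    Rule("MASQUERADE", src=CLIENT),
]
# DROP rules as suggested in the thread: the packet is discarded outright.
drop_first = [
    Rule("DROP", src=CLIENT, dst=SERVER_A),
    Rule("DROP", src=CLIENT, dst=SERVER_B),
    Rule("MASQUERADE", src=CLIENT),
]
def verdicts(chain):
    return {d: traverse(chain, CLIENT, d) for d in (SERVER_A, SERVER_B, "198.51.100.7")}
```

In this model an `ACCEPT` verdict means the packet leaves the chain without being masqueraded, which is the outcome wanted for the two excluded destinations.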